@bjornfor I know a bunch of the packages are not dead but since no one is maintaining them in nixpkgs I figure that they do more harm than good.

I started this by doing a git blame | grep sha256 and starting from the oldest packages.
This is all stuff that hasn't been updated since early 2014 and older.

I see no point in keeping around packages that no one has the intention of maintaining.

I have updated bitstring, demjson, pyodbc, robotsuite in master (0b93dbe and parents). Please rebase.

@bjornfor Please also split them out from python-packages.nix.

@adisbladis: Done (489cdc2 and 3 parents).

Thank you @bjornfor

@bjornfor Thanks :) Packages dropped from PR.

@adisbladis:

@bjornfor I know a bunch of the packages are not dead but since no one is maintaining them in nixpkgs I figure that they do more harm than good.

Harm to whom? Nixpkgs users or maintainers?

@bjornfor I have a few reasons for this.

1. It's harmful to users. if I'm on the unstable channel I would expect to get the latest stable release of a given package, not something that is 3-7 years out of date.

2. It's harmful for security. Lagging several years behind on security updates can never be a good thing.

3. It's harmful for maintainers. A lot of the python packages are abandoned by their maintainer. You yourself is listed as a maintainer on 25 python packages, another maintainer with a bunch of abandoned packages are listed on 65 python packages. Can you honestly say that you are maintaining all of these?

4. It's harmful to new contributors. I have on multiple occasions tried to improve and update packages with python dependencies and ended up giving up on the endeavour because it turns out every single dependency is horribly out of date. I'm pretty sure I'm not the only one.

@adisbladis I mostly agree with you, but I do want to add the following. Many of us that have been using Nixpkgs for some time are listed as maintainers for a lot of packages. That's mostly because we have (or had) a need for that package, and simply want to be warned when they are touched. Ideally, each of us would maintain fewer packages, but as is I think obvious, we just do not have that many maintainers, but still we have a need of the packages.

@adisbladis:

1. It's harmful to users. if I'm on the unstable channel I would expect to get the latest stable release of a given package, not something that is 3-7 years out of date.

The alternative is not having the package at all. (I'd rather have old package than no package.)

2. It's harmful for security. Lagging several years behind on security updates can never be a good thing.

Good point.

3. It's harmful for maintainers. A lot of the python packages are abandoned by their maintainer. You yourself is listed as a maintainer on 25 python packages, another maintainer with a bunch of abandoned packages are listed on 65 python packages. Can you honestly say that you are maintaining all of these?

(That doesn't explain how it's harmful to maintainers. I think it's harmful when there are packages that require maintenance, but nobody really cares about the packages anymore. Then it is better to remove, instead of "forcing" people to spend energy on things that don't matter.)

No, I cannot claim that I maintain all my packages, if that means always having the latest version (unfortunately). I could remove myself as maintainer and/or remove all "my" packages if they lack maintainers, but I don't see that as a good solution either.

4. It's harmful to new contributors. I have on multiple occasions tried to improve and update packages with python dependencies and ended up giving up on the endeavour because it turns out every single dependency is horribly out of date. I'm pretty sure I'm not the only one.

But the alternative would be not having any dependency packages to begin with. Isn't it better to update a few old packages when needed than having to write all expressions from scratch?

To sum up, I think it's good that nixpkgs receives some "clean-up" from time to time (thanks!), but we must also find a balance in how eager we are when cleaning/removing stuff. Being too eager or too lazy is both bad.

Since bpython is well underway in #30922 I have dropped it from the PR.

I only noticed this PR when it was merged: it was not ready.

1. This merge has broken the evaluation of master (for the purpose of nox-review and Travis, and hydra advancing the channel), fixed in pythonPackages.fuse: fix infinite recursion in expression #31340.

2. RedNotebook is a diary application, its users will not be reconciled with its sudden removal, and its old version does not show its age and works perfectly well. I'm restoring and updating it in Restore and update RedNotebook #31341.

3. I do not understand or appreciate this approach to packages (particularly applications) that build fine, and just were not updated in a few years. First, they may have satisfied users who did not notice anything lacking and do not care to update; or the old version may even work better than the new. Second, it is often easier to update existing packages than to add new ones. (For instance you've removed Task Coach 1.3.22 when the latest version is 1.4.3. I guess that it has not changed much, and that its old expression is useful to package the update.)

@orivej Ideally we have expressions, and preferably of the latest versions, but that requires maintainers. We just don't have enough people maintaining all of the expressions.